OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/ssl/ssl_policy.h" | 5 #include "content/browser/ssl/ssl_policy.h" |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/memory/singleton.h" | 10 #include "base/memory/singleton.h" |
(...skipping 26 matching lines...) Expand all Loading... |
37 | 37 |
38 namespace content { | 38 namespace content { |
39 | 39 |
40 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) | 40 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) |
41 : backend_(backend) { | 41 : backend_(backend) { |
42 DCHECK(backend_); | 42 DCHECK(backend_); |
43 } | 43 } |
44 | 44 |
45 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) { | 45 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) { |
46 // First we check if we know the policy for this error. | 46 // First we check if we know the policy for this error. |
47 net::CertPolicy::Judgment judgment = | 47 net::CertPolicy::Judgment judgment = backend_->QueryPolicy( |
48 backend_->QueryPolicy(handler->ssl_info().cert, | 48 handler->ssl_info().cert.get(), handler->request_url().host()); |
49 handler->request_url().host()); | |
50 | 49 |
51 if (judgment == net::CertPolicy::ALLOWED) { | 50 if (judgment == net::CertPolicy::ALLOWED) { |
52 handler->ContinueRequest(); | 51 handler->ContinueRequest(); |
53 return; | 52 return; |
54 } | 53 } |
55 | 54 |
56 // The judgment is either DENIED or UNKNOWN. | 55 // The judgment is either DENIED or UNKNOWN. |
57 // For now we handle the DENIED as the UNKNOWN, which means a blocking | 56 // For now we handle the DENIED as the UNKNOWN, which means a blocking |
58 // page is shown to the user every time he comes back to the page. | 57 // page is shown to the user every time he comes back to the page. |
59 | 58 |
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
166 // Default behavior for accepting a certificate. | 165 // Default behavior for accepting a certificate. |
167 // Note that we should not call SetMaxSecurityStyle here, because the active | 166 // Note that we should not call SetMaxSecurityStyle here, because the active |
168 // NavigationEntry has just been deleted (in HideInterstitialPage) and the | 167 // NavigationEntry has just been deleted (in HideInterstitialPage) and the |
169 // new NavigationEntry will not be set until DidNavigate. This is ok, | 168 // new NavigationEntry will not be set until DidNavigate. This is ok, |
170 // because the new NavigationEntry will have its max security style set | 169 // because the new NavigationEntry will have its max security style set |
171 // within DidNavigate. | 170 // within DidNavigate. |
172 // | 171 // |
173 // While AllowCertForHost() executes synchronously on this thread, | 172 // While AllowCertForHost() executes synchronously on this thread, |
174 // ContinueRequest() gets posted to a different thread. Calling | 173 // ContinueRequest() gets posted to a different thread. Calling |
175 // AllowCertForHost() first ensures deterministic ordering. | 174 // AllowCertForHost() first ensures deterministic ordering. |
176 backend_->AllowCertForHost(handler->ssl_info().cert, | 175 backend_->AllowCertForHost(handler->ssl_info().cert.get(), |
177 handler->request_url().host()); | 176 handler->request_url().host()); |
178 handler->ContinueRequest(); | 177 handler->ContinueRequest(); |
179 } else { | 178 } else { |
180 // Default behavior for rejecting a certificate. | 179 // Default behavior for rejecting a certificate. |
181 // | 180 // |
182 // While DenyCertForHost() executes synchronously on this thread, | 181 // While DenyCertForHost() executes synchronously on this thread, |
183 // CancelRequest() gets posted to a different thread. Calling | 182 // CancelRequest() gets posted to a different thread. Calling |
184 // DenyCertForHost() first ensures deterministic ordering. | 183 // DenyCertForHost() first ensures deterministic ordering. |
185 backend_->DenyCertForHost(handler->ssl_info().cert, | 184 backend_->DenyCertForHost(handler->ssl_info().cert.get(), |
186 handler->request_url().host()); | 185 handler->request_url().host()); |
187 handler->CancelRequest(); | 186 handler->CancelRequest(); |
188 } | 187 } |
189 } | 188 } |
190 | 189 |
191 //////////////////////////////////////////////////////////////////////////////// | 190 //////////////////////////////////////////////////////////////////////////////// |
192 // Certificate Error Routines | 191 // Certificate Error Routines |
193 | 192 |
194 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, | 193 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, |
195 bool overridable, | 194 bool overridable, |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
230 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED; | 229 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED; |
231 } | 230 } |
232 | 231 |
233 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { | 232 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { |
234 GURL parsed_origin(origin); | 233 GURL parsed_origin(origin); |
235 if (parsed_origin.SchemeIsSecure()) | 234 if (parsed_origin.SchemeIsSecure()) |
236 backend_->HostRanInsecureContent(parsed_origin.host(), pid); | 235 backend_->HostRanInsecureContent(parsed_origin.host(), pid); |
237 } | 236 } |
238 | 237 |
239 } // namespace content | 238 } // namespace content |
OLD | NEW |